I. BACKGROUND
phpBB is a high powered, fully scalable, and highly customizable Open
Source bulletin board package. phpBB has a user-friendly interface,
simple and straightforward administration panel, and helpful FAQ.
Based on the powerful PHP server
This looks like a new version of what was mentioned in "Follow The
Bouncing Malware, Part III"
(http://isc.sans.org/diary.php?date=2004-11-04). The main thing it
installs appears to be the 180solutions spyware.
AnthraX101
On Mon, 15 Nov 2004 13:06:22 -0500, Brandy Simon <[EMAIL PROTECTED]> wrote
So move out of the country. Like someone said before, IF john kerry even had
the inclination that he could have one, you know they would have sued, and
vice versa, and to my current knowledge the ONLY talk of any of this is
right here on this message list, I have not seen it on TV, or the news
pape
Seems to be the classic buffer overflow. It's really easy to write a
little script to take advantage of this due to the -s switch for the
ftp program. I doubt that you could do anything remote with it though,
if you're able to drop a random binary file on the HD and execute a
command, there are bet
Yes please do. If there was an issue of fraud or hacking I'm sure the real
media would be all over it. Unfortunately it looks like us "geeks" are the
only one really arguing and discussing it.
Whoever started this message, thanks for congesting my inbox with useless
argument over the internet.
--
Decoding a file with repetitive XOR encryption is pretty easy. The
only way that this will be even remotely secure is if the encrypted
file is the same length or less than the length of the key file. The
danger then becomes transmitting the key file securely. This is called
a one-time pad. It is im
Best I can tell, the Norton filter looks something like this:
\xFF\xD8.*\xFF[\xE1\xE2\xED\xFE]\x00[\x00\x01].*
AnthraX101
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Interesting. It would appear to not be a JPEG worm, but rather to be
the regular old CHM exploits. The interesting thing about it is that
it simply calls a link that was posted to FD last week.
The JPG is simply HTML, which loads http://www.xf*s.com/msn/1.jpg into
the main page, with http://www.xf
Sasser I know it
is compacted with PECompact, probably its newer algorithm FFCE
codec.
I can grab a memory image of it but would really
like a tool to depack/decrypt it.
So is there anything that will reverse code the
newer PECompact's algorithm?
Hope you can help,
Aaron
Sorry I do not
There's no new vulnerability other than the one in the original thread. I
was suggesting CERT may be the place to take this to.
Jason, do read the post in context please before sending it to somewhere out
of context, i.e. CERT.
Aaron
The following from an article :-
http://www.newsforge.com/article.pl?sid=04/08/05/1236234
It turns out I was going about the process of vulnerability notification all
wrong. I should have gone to the United States Computer Emergency Readiness
Team to report them.
The US-CERT home page prov
d try these online scanners first :-
http://security.symantec.com/
http://www.pandasoftware.com/activescan/
Aaron
source SPI personal firewall for Windows.
Aaron
Look into the iptables/netfilter docs, located here:
http://www.netfilter.org/documentation/index.html
Connection tracking is explained here
http://www.sns.ias.edu/~jns/security/iptables/iptables_conntrack.html
Thanks, I looked at netfilter some while ago but found nothing on SPI.
Cheers,
Aaron
The program is called BHODemon. It is available from Definitive Solutions here:
http://www.definitivesolutions.com/bhodemon.htm
On Fri, 30 Jul 2004 09:59:54 -0500, Todd Towles
<[EMAIL PROTECTED]> wrote:
> There is a free piece of software somewhere that will grab all the BHOs
> (Browser Helper Ob
I am interested in finding information on SPI,
either algorithms, and/or open source code,
Hope you can help,
TCS
> Here's a detailed description of what's going wrong with [STYLE]@;/*
>
> The problem is the unterminated comment "/*"; IE computes the length of
> the comment for a memcpy operation by subtracting the end pointer from
> the start pointer. The comment starts behind "/*" and should end at "*
patched it
>
> http://packetstormsecurity.org.pk/0312-advisories/ie_showHelp.txt
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Horst
> Sent: dinsdag 13 juli 2004 22:11
> To: Matt Ostiguy
> Cc: Full-Disclosure ([EMAIL P
Yet another 6 month old exploit, just fixed!
http://www.securityfocus.com/archive/1/351379
Gotta love the fast Microsoft responses.
AnthraX101
On Tue, 13 Jul 2004 15:02:37 -0400, Matt Ostiguy <[EMAIL PROTECTED]> wrote:
> http://www.microsoft.com/technet/security/bulletin/MS04-024.mspx
>
> ___
Nick FitzGerald wrote:
Next time you want to help, try S'ing TFU and letting folk who know
what they are doing have a go, eh?
Okay, then what's your suggestion for the original poster?
Aaron
[snip original comments... read the archives if you don't know what
this thread is about]
Three comments:
1) Yes, playing with dst MAC addresses will work against most if not
all inline IPS solutions, and probably every sniffer based IDS... they
just don't track that sort of thing, although some d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
address block assigned to the VRRP
protocol. {VRID} is the VRRP Virtual Router Identifier. This
mapping provides for up to 255 VRRP routers on a network.
This is a VRRP MAC address. Whether it's a Nokia or other VRRP-speaker
we don't know.
Aaron
anner, that's a different issue. (and one
that will lead to all sorts of unintended problems...think about it for
a while.)
Aaron
Microsoft Active Server Pages Cookie Retrieval Issue
5 May 2004
Risk Level: Low
Summary:
The Active Server Pages (ASP) engine does not properly handle special
cookie values when they are retrieved. Because of this, an unhandled
error is returned to the client. This behavior can be used malicious
roperly filter the 090 to be something
unknown.
This really doesn't look like a security issue, though. Just lazy
coding. (Feel free to prove me wrong.)
Aaron
...
Check out Djohn (distributed john):
http://ktulu.com.ar/en/djohn.php
HTH,
Aaron
--
http://aaronp.com
He also set up a fake General Dynamic HR site and requisition system
that he refers you to!!! That's a lotta work! That bastard!
Careful now...http://www.gd-ais.com
Aaron Chavez
EIS
210-543-5982 v
210-203-2264 p
-Original Message-
From: Schmehl, Paul L [mailto:[EMAIL PROT
Hey,
I've used two programs to get rid of some spyware I
had on my computer and another computer I was working on. The link to
ad-aware program is http://www.lavasoftusa.com/support/download/.
This is a good program to use. Also, I have tried the Spyware Search &
Destroy. That can be f
ookies to track a session ID,
which could lead to a compromise of user accounts when
combined with a javascript XSS.
[EMAIL PROTECTED] notified.
Aaron Horst
=
"A bug. Every system has a bug. The more complex the system, the more bugs.
Transactions circling the earth, passing throug
Just when I thought that PayPal may actually care for
their customers, I get the following message in my
inbox:
---
Dear *,
This holiday season...
Put PayPal Visa® at the top of your list!
0% Intro APR* for purchases. PLUS:
- $5 credit the first time y
D]
> A15B BEE5 B391 B9AD B0EF
> AEB0 AD63 0B4E AD56 E574
> http://seifried.org/security/
Thank you, sir. I'm joining today :)
Aaron
would an innovative mailing list administrator please create
[EMAIL PROTECTED] and force some of these bozos
over there?
Aaron
http://www.carrel.org/dhcp-vuln.html
--
Aaron Mathews :: Network Administrator
[EMAIL PROTECTED], http://www.vistastaff.com
ction
Buffer overflows in EXTPROC
Resources
You can download the presentation at
http://www.appsecinc.com/techdocs/presentations.html under the heading
"Writing Secure Code in Oracle Presentation".
I welcome comments and criticisms.
Regards,
Aaron
___
Aaron C. New
IY47686: Search Discovery Listener
Denial of Service Vulnerability".
Fix:
Apply FixPak 10a from IBM. This can be downloaded from the following
location:
http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/down
load.d2w/report
Regards,
Aaron
___
Aaron C.
t Data Access Components 2.5 SP2
If you have one of these packages installed, apply the hot fix from
http://support.microsoft.com/default.aspx?scid=kb;en-us;823718.
Acknowledgement:
Thanks to Cesar Cerrudo for researching this vulnerability!
Regards,
Aaron
___
Aaron C.
Advisory posted a short time ago (requires CCO login):
http://www.cisco.com/en/US/customer/products/hw/routers/ps341/products_security_advisory09186a00801a34c2.shtml
-Aaron
38 matches